Currently a logged in user can delete their own account by navigating to their profile, then clicking Delete Account. This causes the undesired effect of keeping the user session live, but having no account against their session with which to interact.
To fix this, I propose the following:
Create a Delete Account View / route
Warns the user that they are going to delete their account, and that this is irreversible.
Requests user type in their password again (?)
Add checking to the Delete Account flow.
When deleting an account, kill any existing sessions in the Application.java call, then process the delete.
pkarjala
commented
9 years ago
Currently a logged in user can delete their own account by navigating to their profile, then clicking Delete Account. This causes the undesired effect of keeping the user session live, but having no account against their session with which to interact.
To fix this, I propose the following: